#VU99371 Permissions, Privileges, and Access Controls in macOS - CVE-2024-44265
Published: October 28, 2024
Vulnerability identifier: #VU99371
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-44265
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
macOS
macOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Game Controllers. An attacker with physical access to device can input Game Controller events to apps running on a locked device.
Remediation
Install updates from vendor's website.